1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
|
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
|
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
|
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
OpenSSL_add_all_algorithms(); /* Load ciphers and digests */
#endif
SSL_CTX_set_app_data(ctx, (void*)interp); /* remember the interpreter */
SSL_CTX_set_options(ctx, SSL_OP_ALL); /* all SSL bug workarounds */
SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); /* disable compression even if supported */
SSL_CTX_set_options(ctx, off); /* disable protocol versions */
#if OPENSSL_VERSION_NUMBER < 0x10101000L
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); /* handle new handshakes in background. On by default in OpenSSL 1.1.1. */
#endif
SSL_CTX_set_options(ctx, SSL_OP_ALL); /* Enable all SSL bug workarounds */
SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); /* Disable compression even if supported */
SSL_CTX_set_options(ctx, off); /* Disable specified protocol versions */
/* Allow writes to report success when less than all records have been written */
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
/* Disable attempts to try to process the next record instead of returning after a
non-app record. Avoids hangs in blocking mode, when using SSL_read() and a
non-application record was sent and no application data was sent. */
SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_sess_set_cache_size(ctx, 128);
/* Set user defined ciphers, cipher suites, and security level */
if ((ciphers != NULL) && !SSL_CTX_set_cipher_list(ctx, ciphers)) {
Tcl_AppendResult(interp, "Set ciphers failed: No valid ciphers", (char *) NULL);
SSL_CTX_free(ctx);
return NULL;
|
